+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 11 to 13 of 13

Thread: Faraday Bag for mobile phones

  1. 28-08-2009 09:54 AM #11
    kern's Avatar
    kern
    kern is offline Administrator
    Send a message via ICQ to kern Send a message via MSN to kern
    Join Date
    May 2007
    Location
    up north
    Posts
    147

    Default

    @CF
    hmm interesting ...
    what size hole would render tha bag useless?

    and is that back at the lab or are officers expected to use aforementioned kit as part of the seizure procedure?

    Would this not necessitate removing the battery to get to the sim ?


    @udine
    re turning phones off etc, would that depend on the case scenario?
    would it do more harm than good?
    Would there be a case for adding a small booster supply to all phones on seizure to ensure that power remains on, but then to isolate it from RF by enclosing it in a faraday bag/box then interrogate at lab?

    maybe :
    preserve original from capture to lab, then interrogate it fully. then clone the sim and put a null one in.

    Would there be a case for making a working clone to gather more data from incoming calls ?

    Kern
    These are my personal views and in no way reflect that of Disklabs Computer Forensics
    Reply With Quote Reply With Quote  
  2. 28-08-2009 10:22 AM #12
    UDINE's Avatar
    UDINE
    UDINE is offline Computer Forensics Member - Making an Effort!
    Join Date
    Aug 2009
    Location
    Leeds
    Posts
    24

    Default

    Cheers for that Kern,

    preserve original from capture to lab, then interrogate it fully. then clone the sim and put a null one in.
    This is OK if the turn around from seizure to lab interrogation is short enough for the battery/power booster to not die. However it is the case that most phones we deal with have been left in storage, in normal evidence bags left on and died.
    It is often the case we interegate phones with messages received upto 2 days after the date of seizure.

    re Turning phones off, there is a chance that a small amount of data would be lost, like with RAM in computers, however the core data such as date and times would not be changed, nor would further activity be recorded by the handset.

    Would there be a case for making a working clone to gather more data from incoming calls ?
    As of yet it is impossible to make a fully working clone as the part of a SIM card that receives and transmits from and to the network is unaccessable.
    If a "perfect" clone was created the network would have no way of knowing it was not the real one so in effect you have inserted the original thus changing all last location data on the SIM and destroying all eveidential integrity.

    Just my thoughts...
    Reply With Quote Reply With Quote  
  3. 11-05-2010 02:42 PM #13
    Disklabs's Avatar
    Disklabs
    Disklabs is offline Administrator
    Send a message via MSN to Disklabs
    Join Date
    Dec 2006
    Posts
    379
    Blog Entries
    1

    Default

    Quote Originally Posted by CF@UNN View Post
    Hi Guys,

    Just adding the experience I have with this. We don't use faraday bags here as it is felt they are unreliable e.g. what if the bag has a hole in it. Instead we use RTL's ASECO kit and create a new sim which doesn't transmit to get the data.

    CF
    The problem with that is that you have to turn the kit off in the first place, which means that you lose settings. With the faraday bag, you simply photograph the phone in the bag so that you have a record of the settings. This then means that you can turn the phone off and use the ACESO kit or .XRY/.XACT etc.

    Regards,

    Simon
    This is my opinion and not that of Disklabs

    http://www.twitter.com/disklabs

    http://www.disklabs.com

    http://www.disklabsforensics.co.uk
    Reply With Quote Reply With Quote  
+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules